Spam, or unwanted e-mail, once a tolerable inconvenience to internet users, has turned into an epidemic in recent years. Senders of spam often use forged email addresses and accounts to disguise where the email is sent from, making it impossible to simply block particular email addresses or ISPs. While spam filters can be of some help in reducing the quantity of unwanted email, they are, at best, an incomplete solution.
One solution to this problem is the use of public key cryptography, in particular, digital signatures. In this scenario, each ISP would attach a digital signature to all outgoing email. The digital signature is a value produced as a function of the message to be signed together with the ISP's private key. Each ISP has an associated private key and a public key. The ISP keeps its private key secret, but it can make its public key freely available.
When the recipient's ISP receives an email from the sender's ISP, the receiving ISP retrieves the public key of the sending ISP and attempts to verify the digital signature of the email using that public key. If the digital signature is successfully verified, then the receiving ISP can assume that the email was in fact sent by the ISP of the sender. Further, the receiving ISP may compare the name of the sending ISP against some type of reputation list. If the sending ISP is associated with sources of spam, then the email may be denied. Otherwise, the receiving ISP may forward the email to the recipient. This method prevents spammers from forging the origins of their emails, because they do not know the private keys of legitimate ISPs, and it provides accountability for ISPs that continue to send spam, since we can presumably add those ISPs to the reputation list.
However, such a system still relies on the availability of the public keys for ISPs. A spammer could tamper with the ISP list, even temporarily, and replace a legitimate public key with one associated with the spammer's private key. This substitution would allow a spammer to send messages, with valid signatures, purporting to be from the ISP. These messages would be successfully authenticated using the forged public key, and delivered to users.
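The receiving ISP's check and its dependence on the integrity of the public key list, as an added example that is not part of the original article. It assumes toy textbook RSA built from small known primes (the article names no signature scheme; this is not a production scheme), and the names isp-a.example, receive and key_directory are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_keypair(p, q):
    """Toy textbook RSA from two known primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message, n):
    # Hash the message and reduce it into the key's range (toy, no padding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def receive(mail, key_directory, reputation_blocklist):
    """Receiving ISP: look up the key, verify, then check reputation."""
    public = key_directory.get(mail["isp"])
    if public is None:
        return "reject: unknown ISP"
    if not verify(mail["body"], mail["sig"], public):
        return "reject: bad signature"
    if mail["isp"] in reputation_blocklist:
        return "reject: ISP reputation"
    return "deliver"

# Constructed sample keys: the ISP's pair and an unrelated sender's pair.
ISP_PUB, ISP_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    directory = {"isp-a.example": ISP_PUB}  # intact public key list
    genuine = {"isp": "isp-a.example", "body": b"hello", "sig": sign(b"hello", ISP_PRIV)}
    forged = {"isp": "isp-a.example", "body": b"buy now", "sig": sign(b"buy now", OTHER_PRIV)}
    out = {
        "genuine": receive(genuine, directory, set()),
        "forged": receive(forged, directory, set()),
        "blocklisted": receive(genuine, directory, {"isp-a.example"}),
    }
    tampered = {"isp-a.example": OTHER_PUB}  # list entry replaced
    out["forged_after_tamper"] = receive(forged, tampered, set())
    out["genuine_after_tamper"] = receive(genuine, tampered, set())
    return out
```

With the list intact the forged message is rejected; once the entry is replaced, the forged message is delivered and the ISP's genuine mail fails verification, which a receiving ISP can watch for as a sign that a key entry has changed.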